From: Ezio Melotti <ezio.melotti@gmail.com>
Date: Fri, 9 Nov 2012 10:46:19 +0000 (+0100)
Subject: #13301: use ast.literal_eval() instead of eval() in Tools/i18n/msgfmt.py.  Patch... 
X-Git-Tag: v2.7.4rc1~397
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=dc118790de7e608851e646d8b28020122707d31a;p=thirdparty%2FPython%2Fcpython.git

#13301: use ast.literal_eval() instead of eval() in Tools/i18n/msgfmt.py.  Patch by Serhiy Storchaka.
---

diff --git a/Misc/NEWS b/Misc/NEWS
index 16ddf41e288c..d8821b0e5cad 100644
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -530,6 +530,12 @@ Build
 
 - Issue #14437: Fix building the _io module under Cygwin.
 
+Tools/Demos
+-----------
+
+- Issue #13301: use ast.literal_eval() instead of eval() in Tools/i18n/msgfmt.py
+  Patch by Serhiy Storchaka.
+
 Documentation
 -------------
 
diff --git a/Tools/i18n/msgfmt.py b/Tools/i18n/msgfmt.py
index 5dd5430a5242..8c9b9dc9a341 100755
--- a/Tools/i18n/msgfmt.py
+++ b/Tools/i18n/msgfmt.py
@@ -25,8 +25,9 @@ Options:
         Display version information and exit.
 """
 
-import sys
 import os
+import sys
+import ast
 import getopt
 import struct
 import array
@@ -170,8 +171,7 @@ def make(filename, outfile):
         l = l.strip()
         if not l:
             continue
-        # XXX: Does this always follow Python escape semantics?
-        l = eval(l)
+        l = ast.literal_eval(l)
         if section == ID:
             msgid += l
         elif section == STR: